{"id":72504,"date":"2011-08-18T07:09:57","date_gmt":"2011-08-18T07:09:57","guid":{"rendered":"https:\/\/localhost\/wordpress\/?p=72504"},"modified":"2011-08-18T07:09:57","modified_gmt":"2011-08-18T07:09:57","slug":"android-malware-disguises-itself-as-google-app","status":"publish","type":"post","link":"https:\/\/www.quickheal.com\/blogs\/android-malware-disguises-itself-as-google-app\/","title":{"rendered":"Android malware disguises itself as Google+ App"},"content":{"rendered":"<p>We have received a new Android malware sample from the Android Market whose icon resembles that of the Google+ app.<br \/>\nThis app is particularly dangerous as it gathers GPS data, call logs and text messages, and even records phone calls, before sending the information off to a remote server.<\/p>\n<p>After installation it asks for the following permissions:<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignright\" src=\"https:\/\/blogs.quickheal.com\/wp-content\/uploads\/archive\/New_Permission.JPG\" alt=\"\" width=\"196\" height=\"443\" \/><br \/>\nPROCESS_OUTGOING_CALLS<br \/>\nINTERNET<br \/>\nACCESS_GPS<br \/>\nACCESS_COARSE_LOCATION<br \/>\nACCESS_COARSE_UPDATES<br \/>\nACCESS_FINE_LOCATION<br \/>\nREAD_PHONE_STATE<br \/>\nREAD_CONTACTS<br \/>\nWRITE_CONTACTS<br \/>\nACCESS_WIFI_STATE<br \/>\nPERMISSION_NAME<br \/>\nSEND_SMS<br \/>\nREAD_SMS<br \/>\nRECEIVE_SMS<br \/>\nWRITE_SMS<br \/>\nWAKE_LOCK<br \/>\nRECORD_AUDIO<br \/>\nWRITE_EXTERNAL_STORAGE<br \/>\nMODIFY_PHONE_STATE<br \/>\nDEVICE_POWER<br \/>\nACCESS_NETWORK_STATE<br \/>\nACCESS_WIFI_STATE<br \/>\nMODIFY_PHONE_STATE<br \/>\nDISABLE_KEYGUARD<br \/>\nWRITE_SETTINGS<br \/>\nDELETE_PACKAGES<br \/>\nKILL_BACKGROUND_PROCESSES<br \/>\nFORCE_STOP_PACKAGES<br \/>\nRESTART_PACKAGES<br \/>\nWRITE_APN_SETTINGS<\/p>\n<p>It may then start any of the following services:<\/p>\n<p>AlarmService<br \/>\nCallLogService<br \/>\nCallRecordRegisterService<br \/>\nCallRecordService<br \/>\nCallsListenerService<br \/>\nCommandExecutorService<br 
\/>\nContactService<br \/>\nEnvRecordService<br \/>\nGpsService<br \/>\nKeyguardLockService<br \/>\nLocationService<br \/>\nMainService<br \/>\nManualLocalService<br \/>\nRegisterService<br \/>\nScreenService<br \/>\nSendResultService<br \/>\nSmsControllerService<br \/>\nSmsService<br \/>\nSocketService<br \/>\nSyncContactService<br \/>\nUploadService<\/p>\n<p>It is also capable of receiving commands via text messages, but it requires the sender to use the pre-defined &#8220;Controller&#8221; number.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/blogs.quickheal.com\/wp-content\/uploads\/archive\/New_Call_Income.JPG\" alt=\"\" width=\"524\" height=\"359\" \/><\/p>\n<p>It also has the capability to automatically answer incoming calls.<br \/>\nBefore answering the call, it puts the phone on silent mode to prevent the affected user from hearing it. It also hides the dial pad and sets the current screen to display the home page.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/blogs.quickheal.com\/wp-content\/uploads\/archive\/New_Answer_call.JPG\" alt=\"\" width=\"415\" height=\"130\" \/><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/blogs.quickheal.com\/wp-content\/uploads\/archive\/New_silenceresponce.JPG\" alt=\"\" width=\"297\" height=\"173\" \/><\/p>\n<p>As mentioned previously, the best defense against such malware is to pay attention to the permissions the application is asking for.<\/p>\n<p>We have also recently released Quick Heal Mobile Security for Android, which detects this malware as <strong>Android.Nickispy.C<\/strong>.
<\/p>\n<p>For more information please visit <a title=\"https:\/\/www.quickheal.com\/androidmobile.asp\" href=\"https:\/\/www.quickheal.com\/androidmobile.asp\">Quick Heal Mobile Security<\/a>.<\/p>\n<p>Thank you Sandeep for the analysis.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>We have received a new Android malware sample from the Android Market whose icon resembles that of the Google+ app. This app is particularly dangerous as it gathers GPS data, call logs and text messages, and even records phone calls, before sending the information off to a remote server. After installation it asks for the following permissions: PROCESS_OUTGOING_CALLS [&hellip;]<\/p>\n","protected":false},"author":22,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[55,24,60],"tags":[56,57,49,59,61,67],"class_list":["post-72504","post","type-post","status-publish","format-standard","hentry","category-android","category-malware","category-smartphone","tag-android-security","tag-droid-defense","tag-malware","tag-mobile-devices","tag-smartphone-security","tag-third-party-apps"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/posts\/72504"}],"collection":[{"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/users\/22"}],"replies":[{"embeddable":true,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/comments?post=72504"}],"version-history":[{"count":0,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/posts\/72504\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/media?parent=72504"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/categories?
post=72504"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/tags?post=72504"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}